This command modifies an entry for a user group in the user catalog of the specified pubset.

If the /MODIFY-USER-GROUP command is issued by a global user administrator, the group structure affected by the command is not subject to any restrictions; in this case it may refer to any group and be issued at any time.

The following restrictions apply if the command is issued by a group administrator; they are contingent upon the variant of the group administrator privilege (ADM-AUTHORITY) defined for his user group:

The following restriction applies to the user group *UNIVERSAL:

Since there are no restrictions with regard to the group potential and the rights of the user group *UNIVERSAL, only the operands ADD-GROUP-MEMBERS,
GROUP-ADMINISTRATOR, PUBSET and GROUP-IDENTIFICATION should (and can) be specified.

For the command to be accepted, the global administrator issuing the command must be registered as such on the home pubset of the current BS2000 session, while the group administrator must be registered as such on the pubset specified via the PUBSET operand.

GROUP-IDENTIFICATION =
Group ID of the group whose entry in the user catalog of the pubset specified via the PUBSET operand is to be modified.

GROUP-IDENTIFICATION = *OWN
The entry for the group of which the command-issuing user is a member is to be modified.

GROUP-IDENTIFICATION = *UNIVERSAL
This operand enables a global user administrator to designate a group administrator for the *UNIVERSAL group for the first time. This group administrator is authorized to manage user groups at the highest level of the group structure.

A MODIFY-USER-GROUP command referring to the *UNIVERSAL group must not be issued with any operands other than GROUP-ADMINISTRATOR, PUBSET and ADD-GROUP-MEMBER. All other operands are prohibited and consequently ignored; the command is, however executed after display of the SRM5012 warning.

GROUP-IDENTIFICATION = <name 1..8>
Group ID of the user group whose entry is to be modified. If the command is issued by a group administrator, it is valid only for the group structure subordinate to his group, while a global user administrator may modify the entries for any user group.

PUBSET=
Pubset in whose user catalog a group entry is to be modified.

PUBSET= *HOME
The group entry to be modified is in the user catalog of the home pubset of the current BS2000 session.

PUBSET= <cat-id 1..4>
Catalog ID of the pubset in which a group entry is to be modified. The command is rejected if the specified pubset is not active in the local system.

UPPER-GROUP = *UNCHANGED / *OWN / *UNIVERSAL / <name 1..8>
User group which is superordinate to the user group in the group hierarchy (reassignment of a user group). A distinction is made between the following cases:

• If the command is issued by a group administrator, the superordinate group must be a group of the substructure to which his group administrator privilege applies (this presupposes ADM-AUTHORITY=*MANAGE-GROUPS).

• A global user administrator has access to all groups of the entire group structure and is authorized to modify the group structure as required.

UPPER-GROUP = *OWN
The new user group is to be a subgroup of the group of the group administrator issuing the /MODIFY-USER-GROUP command. Even if the command-issuing user ID is a global user administrator, the new group is not automatically attached to the *UNIVERSAL group but to the user group of which the command-issuing user ID is a member.

UPPER-GROUP = *UNIVERSAL
This operand enables a global user administrator or the group administrator of the *UNIVERSAL group to move a user group to the highest level of the group structure.
A MODIFY-USER-GROUP command with UPPER-GROUP=*UNIVERSAL is rejected if the command-issuing user ID is neither a global administrator nor the group administrator of the *UNIVERSAL group.

UPPER-GROUP = <name 1..8>
The user group is attached as a subgroup to the specified user group. The superordinate group must already exist on the specified pubset.

GROUP-ADMINISTRATOR = *UNCHANGED / *NONE / <name 1..8>
User ID designated as the group administrator. The user ID must already be a member of the user group. This condition is assumed to be fulfilled if the user ID is specified via the ADD-GROUP-MEMBER operand in this command.

The command is rejected if the specified user ID is already the group administrator of another user group on the pubset specified via PUBSET. If the user ID is to be designated as the group administrator of this group nevertheless, the other user group must first be assigned a new group administrator (or *NONE).

The command is rejected if the user ID to be designated as the group administrator possesses the USER-ADMINISTRATION or SECURITY-ADMINISTRATION privilege, since the combination of functions ’group administrator + USER-ADMINISTRATION privilege’ or ’group administrator + SECURITY-ADMINISTRATION privilege’ is prohibited. The check to this effect is made against both the home pubset of the current session and the pubset specified via the PUBSET operand.

A warning is output if one of the function combinations described above occurs. The USER-ADMINISTRATION privilege is given priority during command processing.

GROUP-ADMINISTRATOR = *NONE
No group administrator is designated for this group. In this case, the group is managed by the group administrator of a superordinate user group or by a global user administrator.
If a group administrator existed for this group before the /MODIFY-USER-GROUP
command, this designation is revoked and the user ID is “downgraded” to the status of an ordinary group member.

GROUP-ADMINISTRATOR = <name 1..8>
User ID of the new group administrator. The user ID must have been entered on the appropriate pubset by means of an /ADD-USER command prior to its designation as group administrator. If a group administrator existed for this group before the /MODIFY-USER-GROUP command, this designation is revoked and the user ID is “downgraded” to the status of an ordinary group member.

If the specified user ID is the previous group administrator of this group, the operand is ignored and the command is processed quite normally.

ADD-GROUP-MEMBER =
The specified user IDs are added as members of this user group. Any previous membership of another user group is implicitly canceled. If the command-issuing user is a group administrator possessing at least the MANAGE-MEMBERS privilege, the user IDs must be part of the group structure that is subject to administration by this group administrator.
The list of user IDs specified here must not contain any group administrator of another user group.

The POSIX group number of the transferred user ID is set to the value of the default group number (see also the /MODIFY-POSIX-USER-DEFAULTS command in the “Commands” manual [4]).

ADD-GROUP-MEMBER = *NONE
The existing group membership assignments are retained.

ADD-GROUP-MEMBER = <name 1..8>
List of user IDs removed from their previous groups and reassigned as members of the current user group. More than 127 additional group members must be assigned by subsequent /MODIFY-USER-GROUP commands. The user IDs must be part of the group structure that is subject to administration by the command-issuing user ID.

ADM-AUTHORITY =
This defines the privilege assigned to the group administrator of this user group.

ADM-AUTHORITY = *MANAGE-RESOURCES
The group administrator is authorized to manage the resources and rights of the individual user IDs which are members either of his own group or of any of its subgroups; he is not authorized to create or delete user IDs or to reassign them to another user group. The group administrator is authorized to manage the resources and rights of his own group or of any of its subgroups, but is not authorized to modify the group structure subject to his administration, i.e. he may neither create, reassign nor delete any user groups or group members.

ADM-AUTHORITY = *MANAGE-MEMBERS
The group administrator is authorized to create, delete or suspend/readmit (LOCK-USER and UNLOCK-USER) user IDs that are members of his own user group or any of its subgroups and to reassign them to another user group. The MANAGE-MEMBERS privilege automatically implies the MANAGE-RESOURCES variant.

ADM-AUTHORITY = *MANAGE-GROUPS
The group administrator is authorized to modify the group structure subordinate to his own group by creating or deleting user groups or changing their position within the group structure. The MANAGE-GROUPS privilege automatically implies the MANAGE-
MEMBERS variant.

MAX-GROUP-MEMBERS = *UNCHANGED / *STD / <integer 0..32767>
This defines the maximum number of user IDs that may be assigned as members of this user group and any of its subgroups.

MAX-GROUP-MEMBERS = *STD
The user group must not be assigned any user IDs.

MAX-GROUP-MEMBERS = <integer 0..32767>
Maximum number of user IDs that may be assigned as members of this user group.

GROUP-MEMBER-PREFIX =
Specifies the prefix with which the names of group members (user IDs) must begin. This prefix, or any other prefix which is a subset of this prefix, may be assigned to group members by group administrators whose user group possesses the ADM-AUTHORITY MANAGE-GROUPS (SECOS, for example, is a subset of the prefix SEC).

GROUP-MEMBER-PREFIX = *ANY
Any prefix is permitted.

GROUP-MEMBER-PREFIX = <name 1..7>
Specification of a prefix for group member names.

MAX-SUB-GROUPS = *UNCHANGED / *STD / <integer 0..32767>
This defines the maximum number of user groups that may be assigned as subgroups of this user group and any of its subgroups.

MAX-SUB-GROUPS = *STD
The user group must not be assigned any subgroups.

MAX-SUB-GROUPS = <integer 0..32767>
Maximum number of subgroups that may be assigned as subgroups of this user group.

USER-GROUP-PREFIX =
Specifies the prefix with which the names of subgroups must begin. This prefix, or any other prefix which is a subset of this prefix, may be assigned to subgroups by group administrators whose user group possesses the ADM-AUTHORITY MANAGE-MEMBERS (SRPM, for example, is a subset of the prefix SRP).

USER-GROUP-PREFIX = *ANY
Any prefix is permitted.

USER-GROUP-PREFIX = <name 1..7>
Specification of a prefix for subgroup names.

PUBLIC-SPACE-LIMIT = *UNCHANGED / *MAXIMUM / <integer 0..2147483647>
This defines the maximum amount of storage space that the files of the members of this user group may occupy on public volumes of the pubset specified via the PUBSET operand. The group administrator may allocate this amount of space or less space to subgroups and individual members. The specified value must be <= 2,147,483,647.

PUBLIC-SPACE-LIMIT = *MAXIMUM
The upper limit is 2,147,483,647 PAM pages.

PUBLIC-SPACE-LIMIT = <integer 0..2147483647>
Number of PAM blocks allocated as the upper limit.

PUBLIC-SPACE-EXCESS = *UNCHANGED / *NO / *TEMPORARILY-ALLOWED /*ALLOWED
This redefines the group administrator’s authorization to allow individual members or subgroups to occupy more than the amount of space defined via the PUBLIC-SPACE-LIMIT operand.

PUBLIC-SPACE-EXCESS = *NO
The group administrator must not authorize individual members or subgroups to exceed the value specified via PUBLIC-SPACE-LIMIT.

PUBLIC-SPACE-EXCESS = *TEMPORARILY-ALLOWED
The storage space limit may be exceeded providing the upper limit was not already reached at LOGON time.

PUBLIC-SPACE-EXCESS = *ALLOWED
The group administrator may authorize individual members or subgroups to exceed the value specified via PUBLIC-SPACE-LIMIT.

FILE-NUMBER-LIMIT =
Specifies the maximum number of files which may be created. This upper limit or a lower value may be passed on to subgroups or group members.

FILE-NUMBER-LIMIT = *MAXIMUM
The maximum permitted number of files is 16,777,215.

FILE-NUMBER-LIMIT = <integer 0..16777215>
Specifies the precise maximum permitted number of catalog entries.

JV-NUMBER-LIMIT =
Specifies the maximum number of job variables which may be created. This upper limit or a lower value may be passed on to subgroups or group members.

JV-NUMBER-LIMIT = *MAXIMUM
The maximum permitted number of job variables is 16,777,215.

JV-NUMBER-LIMIT = <integer 0..16777215>
Specifies the precise maximum permitted number of job variables.

TEMP-SPACE-LIMIT =
Specifies the maximum amount of temporary storage space which may be occupied on the public volume named in the PUBSET operand. This upper limit or a lower value may be passed on to subgroups or group members.

TEMP-SPACE-LIMIT = *MAXIMUM
The maximum group potential is 2,147,483,647.

TEMP-SPACE-LIMIT = <integer 0..2147483647>
Specifies the precise group potential.

WORK-SPACE-LIMIT = *MAXIMUM / <integer 0..2147483647>
This defines the upper limit for the value which a group administrator may specify as the WORK-SPACE-LIMIT for a pubset for his subgroup or group members. It only makes sense to specify this operand in conjunction with an SM pubset.

WORK-SPACE-LIMIT = *MAXIMUM
The upper limit for the value which a group administrator may specify as the WORK-SPACE-LIMIT is to be set to 2147483647.

DMS-TUNING-RESOURCES =
Specifies which performance measures may be implemented and how they may be used. This authorization or a lower authorization may be passed on to subgroups or group members. The effects of the various tuning measures are described in the command ADD-USER-GROUP.

DMS-TUNING-RESOURCES = *NONE
No tuning measures may be used.

DMS-TUNING-RESOURCES = *CONCURRENT-USE
The user may reserve preferred resources, but must compete for these with all other users with the same authorization.

DMS-TUNING-RESOURCES = *EXCLUSIVE-USE
The user may exclusively reserve preferred resources.

TAPE-ACCESS =
This determines whether the group administrator is authorized to grant users any of the following TAPE-ACCESS rights (see the /ADD-USER and /MODIFY-USER-ATTRIBUTES commands).

TAPE-ACCESS = *STD
It is not permissible to ignore any error messages.

TAPE-ACCESS = *PRIVILEGED
Error messages referring to output files may be ignored.

TAPE-ACCESS = *READ
Error messages referring to input files may be ignored.

TAPE-ACCESS = *BYPASS-LABEL
Label checking may be deactivated for tapes processed in INPUT or REVERSE mode (implies TAPE-ACCESS=READ).

TAPE-ACCESS = *ALL
ll error messages may be ignored (implies TAPE-ACCESS=*READ, TAPE-ACCESS=*PRIVILEGED and TAPE-ACCESS=*BYPASS-LABEL). The following rules apply when the group administrator specifies a specific value for the TAPE-ACCESS operand in a command that refers to a group member:

FILE-AUDIT = *UNCHANGED / *NO / *YES
This determines whether the group administrator is authorized to permit individual group members or subgroups to activate the AUDIT function.

FILE-AUDIT = *NO
The group administrator must not authorize group members or subgroups to activate the AUDIT function.

FILE-AUDIT = *YES
The group administrator may authorize group members or subgroups to activate the AUDIT function.

CSTMP-MACRO = *UNCHANGED / *NO / *YES
This determines whether the group administrator is authorized to grant group members or subgroups the right to use the CSTMP macro (see the /ADD-USER and /MODIFY-USER-ATTRIBUTES commands).

CSTMP-MACRO = *NO
The group administrator must not grant group members or subgroups the right to use the CSTMP macro.

CSTMP-MACRO = *YES
The group administrator may grant group members or subgroups the right to use the CSTMP macro.

RESIDENT-PAGES = *UNCHANGED / *STD / *MAXIMUM / <integer 0..2147483647>
This determines whether resident pages of main memory may be used. The maximum value specified here (and the value specified for MODIFY-SYSTEM-BIAS) are used when checking the value specified via the operand RESIDENT-PAGES=PARAMETERS (MINIMUM=<integer 0..2147483647>) of the LOAD-/START-EXECUTABLE-PROGRAM (resp. LOAD-/START-PROGRAM) command. This maximum value – or less – may be allocated to individual group members or subgroups.

RESIDENT-PAGES = *STD
The user is permitted to occupy 32767 memory-resident pages.

RESIDENT-PAGES = *MAXIMUM
The maximum value is to be 2,147,483,647 memory-resident pages.

RESIDENT-PAGES = <integer 0..2147483647>
The user is allowed to occupy up to the specified number of memory-resident pages.

ADDRESS-SPACE-LIMIT = *UNCHANGED / *STD / <integer 1..2147483647>
This defines the maximum size of the user address space available to this group (in megabytes). This maximum size – or less – may be allocated to individual group members or subgroups.

ADDRESS-SPACE-LIMIT = *STD
The value of the system parameter SYSGJASL is assigned (the system parameter SYSGJASL has the default value 16 MB, see the SHOW-SYSTEM-PARAMETERS command in the “Commands” manual [4]).
The default value of 16 megabytes is allocated.

ADDRESS-SPACE-LIMIT = <integer 1..2147483647>
A value between 1 and 2,147,483,647 megabytes is allocated.

TEST-OPTIONS = *UNCHANGED / *PARAMETERS(...)
This defines the potential test privilege assigned to this group.

TEST-OPTIONS = *PARAMETERS(...)
The group administrator may assign test privileges to members of his own group or subordinate groups within the range of values specified here.

READ-PRIVILEGE = *UNCHANGED / *STD / <integer 1..9>
Maximum read privilege.

READ-PRIVILEGE = *STD
The maximum read privilege has the value 1.

READ-PRIVILEGE = <integer 1..9>
Value of the maximum read privilege.

WRITE-PRIVILEGE = *UNCHANGED / *STD / <integer 1..9>
Maximum write privilege.

WRITE-PRIVILEGE = *STD
The maximum write privilege has the value 1.

WRITE-PRIVILEGE = <integer 1..9>
Value of the maximum write privilege.

MODIFICATION = *UNCHANGED / *CONTROLLED / *UNCONTROLLED
This modifies the group administrator’s authorization to grant individual group members or subgroups one of the MODIFICATION privileges.

MODIFICATION = *CONTROLLED
The group administrator may grant individual group members or subgroups the MODIFICATION privilege CONTROLLED only. He is not authorized to change the MODIFICATION privilege to UNCONTROLLED.

MODIFICATION = *UNCONTROLLED
The group administrator may grant individual group members or subgroups either of the MODIFICATION privileges CONTROLLED or UNCONTROLLED.

ADD-PROFILE-ID =
This adds one or more SDF profile IDs to the group potential of SDF profile IDs which the group administrator may assign to individual group members and subgroups. There is no interaction between this operand and the REMOVE-PROFILE-ID operand: the command is rejected if the same value is specified for the ADD-PROFILE-ID operand and for the REMOVE-PROFILE-ID operand (REMOVE-PROFILE-ID=*ALL has the same effect as entering a list of all profile IDs stored).

ADD-PROFILE-ID = *NONE
The current definitions are retained.

ADD-PROFILE-ID = list-poss(127): <structured-name 1..30>
Profile IDs of the group syntax files added to the group potential of this user group.

REMOVE-PROFILE-ID =
This removes from the group potential one, several or all profile IDs for SDF syntax files that the group administrator may assign to individual group members and subgroups. There is no interaction between this operand and the ADD-PROFILE-ID operand: the command is rejected if the same value is specified for the ADD-PROFILE-ID operand and for the REMOVE-PROFILE-ID operand.

REMOVE-PROFILE-ID = *NONE
The current definitions are retained.

REMOVE-PROFILE-ID = *ALL
All profile IDs are deleted. The command is rejected if any of the names thus deleted is identical with a name specified via the ADD-PROFILE-ID operand.

REMOVE-PROFILE-ID = list-poss(127): <structured-name 1..30>
Profile IDs of the group syntax files to be removed from the group potential of this user group.

MAX-ACCOUNT-RECORDS = *UNCHANGED / *STD / *NO-LIMIT / <integer 0..32767>
This defines the group potential of rights with respect to the writing of user-specific accounting records. The values specified here determine the rights that the group administrator is authorized to assign to members of his own user group or of the subordinate group structure.

MAX-ACCOUNT-RECORDS = *STD
The user may write up to 100 user-specific accounting records per job or program to the accounting file. The user must not write any accounting records of his own (i.e. with a freely selectable record ID).

MAX-ACCOUNT-RECORDS = *NO-LIMIT
No limit is defined for the number of user-specific accounting records or the user’s own accounting records (i.e. with a freely selectable record ID) which the user may write per job or program to the accounting file.

MAX-ACCOUNT-RECORDS = <integer 0..32767>
This specifies the maximum number of user-specific accounting records that the user may write per job or program to the accounting file. The user must not write any accounting records of his own (i.e. with a freely selectable record ID).

PHYSICAL-ALLOCATION = *UNCHANGED / *NOT-ALLOWED / *ALLOWED
Specifies whether the group administrator can assign the right to use absolute storage space on the pubset (direct allocation) to group members or subgroups.

PHYSICAL-ALLOCATION = *NOT-ALLOWED
The user group is not allowed to undertake absolute storage space allocation for the pubset.

PHYSICAL-ALLOCATION = *ALLOWED
The user group is allowed to undertake absolute storage space allocation for the pubset.

HARDWARE-AUDIT = *UNCHANGED / *ALLOWED / *NOT-ALLOWED
Specifies whether the group administrator can assign the right to activate the hardware audit mode to group members or subgroups.

LINKAGE-AUDIT = *UNCHANGED / *ALLOWED / *NOT-ALLOWED
Specifies whether the group administrator can assign the right to activate the linkage audit mode to group members or subgroups.

CRYPTO-SESSION-LIMIT = *UNCHANGED / *STD / *MAXIMUM / <integer 0..32767>
Defines the maximum number of openCRYPT sessions within a BS2000 session that the group administrator may assign to group members or subgroups.

NET-STORAGE-USAGE = *UNCHANGED / *ALLOWED / *NOT-ALLOWED
Specifies whether the group administrator can assign the right to use memory space on a Net-Storage volume to group members or subgroups.

ADD-ACCOUNT =
The following specifications refer to an account number that is to be added to the group’s potential of account numbers.

ADD-ACCOUNT = *NONE
The current definitions are retained.

ADD-ACCOUNT = list-poss(127): <alphanum-name 1..8>(...)
New account number(s) to be included in the group potential of this user group. The command is rejected if any of the account numbers specified here is also specified via the MOD-ACCOUNT or REMOVE-ACCOUNT operand (REMOVE-ACCOUNT=*ALL has the same effect as entering a list of all account numbers stored).

CPU-LIMIT =
This defines the group’s potential of CPU seconds that may be allocated to group members and subgroups. This means that group members may be allocated CPU time up to this limit for job execution under the specified account number.

CPU-LIMIT = *MAXIMUM
The group potential of CPU time is 2,147,483,647 seconds.

CPU-LIMIT = <integer 0..2147483647>
The specified number is the group potential of CPU time in seconds (maximum value for each group ID).

SPOOLOUT-CLASS =
This defines the highest spoolout class that may be assigned to individual group members or user groups. In this context, STD (=0) or 1 is the highest possible spoolout class and 255 the lowest.

SPOOLOUT-CLASS = *STD
The spoolout class with the value 0 is to be the highest permissible spoolout class.

SPOOLOUT-CLASS = <integer 1..255>
Value representing the highest permissible spoolout class.

MAXIMUM-RUN-PRIORITY =
This defines the maximum run priority to be included in the group potential; individual group members and subgroups may subsequently be assigned the specified run priority.

MAXIMUM-RUN-PRIORITY = *STD
Default value from the system parameter SYSGJPRI.

MAXIMUM-RUN-PRIORITY = <integer 30..255>
Maximum run priority.

MAX-ALLOWED-CATEGORY =
This defines the task attributes with which the user may work. Individual group members or subgroups may be assigned a subset of the task attribute defined here (SYSTEM includes STD and TP, TP includes STD).

MAX-ALLOWED-CATEGORY = *STD
Tasks under the specified account number must not work with the task attribute TP.

MAX-ALLOWED-CATEGORY = *TP
Tasks under the specified account number may use the task attribute TP.

MAX-ALLOWED-CATEGORY = *SYSTEM
Tasks under the specified account number may use the task attributes TP and SYS.

NO-CPU-LIMIT =
This determines whether the group administrator is authorized to assign individual group members or subgroups NO-CPU-LIMIT.

NO-CPU-LIMIT = *NO
Individual group members or subgroups must not be assigned NO-CPU-LIMIT.

NO-CPU-LIMIT = *YES
Individual group members or subgroups may be assigned NO-CPU-LIMIT.

START-IMMEDIATE =
This determines whether the group administrator is authorized to grant individual group members or subgroups the right to use the job express function.

START-IMMEDIATE = *NO
Neither individual group members nor subgroups may be granted the right to use the job express function.

START-IMMEDIATE = *YES
The right to use the job express function may be granted both to individual group members and to subgroups.

INHIBIT-DEACTIVATION =
This determines whether the group administrator is authorized to grant group members or subgroups the right to make use of the deactivation inhibit function for jobs under this account number.

INHIBIT-DEACTIVATION = *NO
Individual group members or subgroups must not be granted the right to make use of the deactivation inhibit function for jobs under this account number.

INHIBIT-DEACTIVATION = *YES
Individual group members or subgroups may be granted the right to make use of the deactivation inhibit function for jobs under this account number.

MODIFY-ACCOUNT =
The following specifications refer to an account number that is to be modified. The command is rejected if any of the account numbers specified here is also specified via the ADD-ACCOUNT or REMOVE-ACCOUNT operand.

MODIFY-ACCOUNT = *NONE
The current definitions are retained.

MODIFY-ACCOUNT = list-poss(127): <alphanum-name 1..8>(...)
Account number(s) to be modified.

CPU-LIMIT = *UNCHANGED / *MAXIMUM / <integer 0..2147483647>
This defines the group’s potential of CPU seconds that may be allocated to group members and subgroups.

CPU-LIMIT = *MAXIMUM
The group potential of CPU time is 2,147,483,647 seconds.

CPU-LIMIT = <integer 0..2147483647>
The specified number is the group potential of CPU time in seconds.

SPOOLOUT-CLASS = *UNCHANGED / *STD / <integer 1..255>
This defines the highest spoolout class that may be assigned to individual group members or user groups.

SPOOLOUT-CLASS = *STD
The spoolout class with the value 0 is to be the highest permissible spoolout class.

SPOOLOUT-CLASS = <integer 1..255>
Value representing the highest permissible spoolout class.

MAXIMUM-RUN-PRIORITY = *UNCHANGED / *STD / <integer 30..255>
This defines the maximum run priority to be included in the group potential; individual group members and subgroups may subsequently be assigned the specified run priority.

MAXIMUM-RUN-PRIORITY = *STD
Default value from the system parameter SYSGJPRI.

MAXIMUM-RUN-PRIORITY = <integer 30..255>
Maximum run priority.

MAX-ALLOWED-CATEGORY = *UNCHANGED / *STD / *TP / *SYSTEM
This defines the task attributes with which the user may work. Individual group members or subgroups may be assigned a subset of the task attribute defined here (SYSTEM includes STD and TP, TP includes STD).

MAX-ALLOWED-CATEGORY = *STD
Tasks under the specified account number must not work with the task attribute TP.

MAX-ALLOWED-CATEGORY = *TP
Tasks under the specified account number may use the task attribute TP.

MAX-ALLOWED-CATEGORY = *SYSTEM
Tasks under the specified account number may use the task attributes TP and SYS.

NO-CPU-LIMIT = *UNCHANGED / *NO / *YES
This determines whether the group administrator is authorized to assign individual group members or subgroups NO-CPU-LIMIT.

NO-CPU-LIMIT = *NO
Individual group members or subgroups must not be assigned NO-CPU-LIMIT.

NO-CPU-LIMIT = *YES
Individual group members or subgroups may be assigned NO-CPU-LIMIT.

START-IMMEDIATE = *UNCHANGED / *NO / *YES
This determines whether the group administrator is authorized to grant individual group members or subgroups the right to use the job express function.

START-IMMEDIATE = *NO
Neither individual group members nor subgroups may be granted the right to use the job express function.

START-IMMEDIATE = *YES
The right to use the job express function may be granted both to individual group members and to subgroups.

INHIBIT-DEACTIVATION = *UNCHANGED / *NO / *YES
This determines whether the group administrator is authorized to grant group members or subgroups the right to make use of the deactivation inhibit function for jobs under this account number.

INHIBIT-DEACTIVATION = *NO
Individual group members or subgroups must not be granted the right to make use of the deactivation inhibit function for jobs under this account number.

INHIBIT-DEACTIVATION = *YES
Individual group members or subgroups may be granted the right to make use of the deactivation inhibit function for jobs under this account number.

REMOVE-ACCOUNT =
This specifies the account numbers that are to be deleted from the group potential.

REMOVE-ACCOUNT = *NONE
The current definitions are retained.

REMOVE-ACCOUNT = *ALL
All account numbers are removed from the group potential. The command is rejected if any of the account numbers specified here is also specified via the ADD-ACCOUNT or MOD-ACCOUNT operand.

REMOVE-ACCOUNT = list-poss(127): <alphanum-name 1..8>
Account number(s) to be deleted. The command is rejected if any of the account numbers specified here is also specified via the ADD-ACCOUNT or MOD-ACCOUNT operand.

BASIC-ACL-ACCESS = *UNCHANGED / *BY-GROUP-ONLY / *EXTENDED-BY-GUARD(...)
Controls group access for files and job variables which are protected with BACL.

BASIC-ACL-ACCESS = *BY-GROUP-ONLY
When files and job variables which are protected by BACL are accessed, only the actual group membership itself is of relevance.

BASIC-ACL-ACCESS = *EXTENDED-BY-GUARD(...)
When files and job variables which are protected by BACL are accessed, certain users are treated as if they were group members.

GUARD-NAME = <filename 1...18 without-cat-gen-vers>
Name of the guard in which the access conditions are defined. If these conditions are satisfied for a user at the time access is attempted, then he or she has the same rights as a group member.

If the guard does not exist or cannot be accessed at the time access is attempted, then the condition is considered to be not satisfied.

The check of access rights to files and job variables which are protected by BACL is based on the group structure on the home pubset. The group administration guards must therefore also be stored on the home pubset for the current session. For this reason, the name of the guard must be specified without a catalog ID. If the name of the guard is specified without a user ID, then the guard is expected under the user ID under which the command /ADD-USER-GROUP was called.

The group administrator is responsible for ensuring that the guard exists and can be accessed. It may therefore be necessary to create the guard under the group administrator’s user ID on the home pubset and set its SCOPE attribute for the group in question.

Command return codes